Capistrano is a great tool for building scripts that execute on remote hosts. While its functionality lends itself to many different applications, it’s a de facto standard for deploying Ruby on Rails apps. A few months ago, I used it to automate app deployments and other tasks such as restarting server processes, and behold, it was very good.
I had provisioned each of the remote hosts using Puppet, so I knew that my machine configurations were good. This meant that I could use the same capistrano scripts for multiple apps, as long as they used the same server stack and ran on one of these hosts. In short, consistency enables automation.
However, these are a few issues with this approach.
- Distribution of Credentials. Capistrano needs a login to the remote host. I can’t just give passwords or pem files to developers; our separation of responsibilities policy doesn’t allow it.
- Proliferation of Cap Scripts. I can’t hand over scripts to developers and expect them to stay the same. I need to centralize these things and maintain one copy in one place.
- Visibility. I need these automated tools to work in tandem with our change control processes. That means auditing and logging.
- Access Control. If I’m going to centralize, I need some way to say who can do what.
This is my solution: a web app that wraps all this functionality. Launchpad has the following features:
- A centralized repository of application data
- git urls
- deploy targets (dev, test, prod)
- remote hosts
- A UI for running capistrano tasks
- Fine-grained access control per app/environment/task
- Notification groups for deployment events (partially implemented)
- Full audit trails of all actions taken in the system and the resulting output
- Support for multiple stacks / capistrano scripts
- JSON API (deploying soon)
Launchpad owns the remote host credentials, so users never have to see them. As a result, I can give developers the ability to deploy outside of dev in a way that is safe, consistent, and thoroughly auditable. My next blog post will outline the ways in which our Change Control team has worked to accommodate this new ability.
Right now, the only stack implemented in Launchpad is an NGINX/Unicorn stack for Rails apps, but there really is no limit to what we can deploy with this tool on top of capistrano.
Launchpad is available to internal OIT developers; see me for details.
Better, Faster, More Consistent
It wasn’t long ago that OIT wasted time and energy having DBAs manually execute SQL scripts created by developers. Then, Sharif Nijim developed the “autodeploy” tool that allows us to run SQL scripts automatically from SVN tags. Developers have a faster way to run SQL without imposing on DBAs, and DBAs have their valuable time freed up for more important work. We have never looked back. I’m hoping Launchpad will do the same with application deployments. Onward!